CVE-2020-7600: 
JavaScript vulnerability analysis and mitigation

The vulnerability CVE-2020-7600 affects the querymen package, a Querystring parser middleware for MongoDB, Express and Nodejs, in versions prior to 2.1.4. The vulnerability was discovered and disclosed on March 12, 2020, and is classified as a Prototype Pollution vulnerability (Snyk Vulnerability).

The vulnerability stems from the exported function handler(type, name, fn) where parameters can be controlled by users without proper sanitization. This implementation flaw could lead to Prototype Pollution attacks. The vulnerability has been assigned a CVSS base score of 5.9 (medium severity) by Snyk and 5.3 by NVD. The technical assessment indicates that the vulnerability is network-accessible with high attack complexity (Snyk Vulnerability).

If exploited, this vulnerability could result in a total loss of confidentiality, potentially exposing all resources within the impacted component to the attacker. The vulnerability has no direct impact on system integrity or availability, but could lead to significant security implications through prototype pollution attacks (Snyk Vulnerability).

The recommended mitigation is to upgrade the querymen package to version 2.1.4 or higher. A fix has been implemented in the codebase that prevents prototype pollution by adding checks for 'constructor' and 'proto' in the handler function (GitHub Commit).